Meta Ireland, in its provision of Facebook services, transferred user data from the EU/EEA to the US in violation of Article 46(1) of the GDPR, concluded DPC Ireland on Monday 22 May 2023. Photo: Shutterstock

Meta Ireland, in its provision of Facebook services, transferred user data from the EU/EEA to the US in violation of Article 46(1) of the GDPR, concluded DPC Ireland on Monday 22 May 2023. Photo: Shutterstock

The Irish data regulator, the country where Meta has its European headquarters, announced on Monday 22 May that it was fining Mark Zuckerberg’s company €1.2bn for transfers of personal data to the United States. A new European record, but the tech company has appealed.

Just days before the fifth anniversary of the GDPR, Ireland’s data regulator (the Irish Data Protection Commission, or DPC) struck hard: Meta has been fined a record €1.2bn and given a deadline, until 22 October, to stop its problematic practice of transferring the personal data of European users to the US.

The fine exceeds those of Apple (€1.1bn for anti-competitive practices, reduced to €372m on appeal) and Amazon ().

Zuckerberg’s company has already announced that it will appeal the decision. But until the Privacy Shield between the European Union and the United States is renegotiated, Meta will have to delete quantities of data from its American servers.

Ten years of battle, says Max Schrems

“We are happy to see this decision after ten years of litigation. The fine could have been much higher, given that the maximum fine is more than 4bn and Meta has knowingly broken the law to make a profit for ten years. Unless US surveillance laws get fixed, Meta will have to fundamentally restructure its systems,” Austrian activist Max Schrems said in a statement from his organisation Noyb.

“It took us ten years of litigation against the Irish DPC to get to this result. We had to bring three procedures against the DPC and risked millions of procedural costs. The Irish regulator has done everything to avoid this decision, but was consistently overturned by the European Courts and institutions. It is kind of absurd that the record fine will go to Ireland--the EU Member State that did everything to ensure that this fine is not issued,” he noted.

Zuckerberg is unlikely to leave Europe because of Meta’s significant turnover in the EU. “This summer the EU also implements a new 'class action' system, which can be used for GDPR violations,” added Schrems.

The European Data Protection Board chairperson, Andrea Jelinek, : “The EDPB found that Meta IE’s infringement is very serious since it concerns transfers that are systematic, repetitive and continuous. Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organisations that serious infringements have far-reaching consequences.”

Meta reported a net income of $5.709bn and generated a revenue of $28.645bn globally in the .

This story was first published in French on . It has been translated and edited for Delano.

Related articles